As the rain fell outside on the Moscone Center this past week in downtown San Francisco, the 2019 RSA Conference inside was full of cybersolutions.
The RSA Conference is the largest, and probably most significant, single ongoing global cybersecurity event on the planet. It brings together people, companies and ideas from all over the world — and serves as a smorgasbord of security ideas new and old.
And yes, the expectations for such an event are very high. These are some of the top questions I use to analyze and evaluate the RSA Conference (RSAC) every year:
- Where’s the WOW?
- Did I learn anything new (or different that changed my mind) on an important security topic?
- Who are the new and persevering cyberindustry thought leaders that I need to continue follow?
- How will emerging technology features and security tools change the world (for better or worse)?
- What will we (still) be talking about (from this show) five or 10 years from now?
As I have said in past years, it is amazing, overwhelming, intimidating and exhausting for attendees. With formal and informal sessions, a huge show floor full of company products and demonstrations, breakfasts, lunches and dinners, vendor parties, and numerous side events (and full competing conferences) happening at the same time, it is physically impossible to do it all.
RSAC Details for 2019
This year’s RSA Conference website is full of materials that you can use, even if you didn’t attend the event. The information is organized in easy-to-use categories such as speakers, tracks and spotlights. The reported attendance was more than 42,500, although it seemed larger than last year due to the expanded show floor.
You can also watch numerous RSA Conference video presentations here.
The mainline media coverage of the conference appeared to be down as compared to other years that offered front-page articles from many major newspapers. However, much of that coverage in 2018 was related to a lack of women keynotes and presenters, which did not happen this year. In fact, it appeared that RSAC organizers went out of their way to have numerous all-women sessions and dozens of top women presenters in every track and in most panel sessions.
Business Wire offered these main RSA Conference talking points describing the 2019 event details:
- “An expanded keynote program with 31 keynote presentations on two stages. West Stage keynotes featured sponsor keynotes, panels and esteemed guest speakers, and South Stage keynotes utilized the newly opened Moscone Center South to bring highly coveted sessions from industry experts to a broader audience.
- 740 speakers across 621 sessions and more than 700 companies on the expo floors.
- Key session and seminar presentations included:
- Building Security In — DevSecOps; Noopur Davis, SVP, Chief Product and Information Security Officer, Comcast
- Building Identity for an Open Perimeter; Tejas Dharamshi, Senior Security Software Engineer, Netflix, Inc.
- Cybersecurity Tips, Tools and Techniques for Your Professional Toolbag; Ronald Woerner, IT Risk and Compliance Consultant, DirectDefense
- How to Eliminate a Major Vulnerability in the Cybersecurity Workforce; Laura Bate, Policy Analyst, New America; Danielle Santos, Program Manager, NIST
- The Fine Art of Creating a Transformational Cybersecurity Strategy; Jinan Budge, Principal Analyst, Forrester Research; Andrew Rose, Chief Security Officer, Vocalink, a Mastercard Company
- Threat Hunting Using 16th-Century Math and Sesame Street; Vernon Habersetzer Sr., Enterprise Technical Expert, Walmart
- Axonius was named “RSA Conference 2019’s Most Innovative Startup” by the Innovation Sandbox’s judges’ panel comprised of technology, venture and security industry thought leaders.
- The Award for Excellence in the field of Mathematics was given to Tal Rabin, manager of cryptographic research, Thomas J. Watson Research Center. …”
Threat Post offered this good recap of the 2019 RSA Conference.
CRN.com provided these 30 hot new cybersecurity products announced at RSA.
And Bank Info Security offered their interviews and highlights from RSAC.
Dan Lohrmann’s Top Presentations from RSAC 2019
From my perspective, here are a few of the presentations that grabbed my attention. This list is a diverse mix of different formats, styles and ideas. (Side Note: My criteria for a WOW is an unexpected talk that has unique, new materials. Or, a presenter who has a track record of success over many years who continues to deliver new insights and perspectives that are intriguing, helpful and useful.)
1. Tales of a Teenage Security Supergirl — This presentation by Kyla Guru was simply amazing for a 16-year-old girl still in high school. Definitely a WOW to remember. It is empowering for Gen Z, and a brief talk you should show to your teenage relatives and friends for a ton of reasons — if for nothing else to inspire them in public communications. The nonprofit BitsnBytes cybersecurity platform has a very bright future, as does this young lady.
2. A View from the Front Lines of Cybersecurity by FireEye — This session includes Sandra Joyce, Vice President and Head of Global Intelligence Operations, FireEye and Kevin Mandia, Chief Executive Officer, FireEye. I am almost always impressed with Kevin Mandia, and he brought some good and bad news — with detailed industry trends to watch.
He discussed a few nation-states cyberattacks and trends:
- North Korea financially motivated group that also uses destructive malware for distraction.
- Iranian threat actors — going after individuals.
- China — military actions in cyber.
- Russia targeted safety systems at an ICS plant — shut down a plant.
What’s next? Brazen actions, and people will get hurt — secondary and tertiary effects are out of control.
Also, more compartmentalizing is happening with Balkanization and new rules. Kevin warned that those who fail to abide by them with have a very different Internet experience.
3. The Five Most Dangerous New Attack Techniques and How to Counter Them — with Alan Paller from SANS and Heather Mahalik, the Director of Forensics Engineering at ManTech. Great session, and always good to hear from Alan and Heather as well as the others on this panel.
4. RSA Sandbox — Here was one of several excellent sessions from this Sandbox series of panels and presentations.
5. In the Wake of an Attack: Thoughts from a Seasoned CISO with Dr. Hugh Thompson, Program Committee Chair, RSA Conference, and Bob Lord, Chief Security Officer, DNC.
6. And last, but certainly not least, I really like the RSAC Launch Pad, which highlights companies such as NulD in the popular Shark Tank format.
Watch Ethan Landow, Head of Strategy and Operations and the NulD Judges, including Theresia Gouw, Founding Partner, Aspect Ventures.
Closing Thoughts on RSA 2019
One big early buzz at this year’s RSA Conference was the announcement about Adi Shamir’s visa snub from the U.S. government.
“Adi Shamir, the S in the renowned RSA encryption system, didn’t take his usual place on the Cryptographers’ Panel at this year’s RSA Conference in San Francisco — because he couldn’t get a visa from the U.S. government. And he’s not alone.
Shamir — the 2002 Turing Award co-winner and a member of the U.S., French, and Israeli Academy of Sciences and Britain’s Royal Society — lives in Israel, and applied for a U.S. visa two months ago to attend the information security conference, the largest of its type in the world, which is being held this week in California. Shamir, along with Ron Rivest and Leonard Adleman, invented the widely used RSA cryptosystem, and cofounded RSA Security, which has been running the RSA Conference since 1991. …”
On a personal level, I always enjoy the National Cyber Security Alliance (NCSA) luncheon on Thursday for networking and important updates from the Department of Homeland Security (DHS). It was wonderful news to hear that Kelvin Coleman is the new NCSA executive director, and he is the perfect person for that role in my opinion. The update on DHS’ new cyberagency was also excellent from Jeanette Manfra who is the assistant director of cybersecurity for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).
The RSA Conference will remain in San Francisco for (at least) one more year, so we’ll plan to be back for another cyberextravaganza in 2020.